RubyGems - ruby_smb - Versions diffs - 3.1.4 → 3.1.7 - Mend

ruby_smb 3.1.4 → 3.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 587f03eec26c36a6ca67ffde30bb05881a456609dff32873b912e7763d266f25
-  data.tar.gz: 18c3b50b89657fe874d0a13904dad2b36c01c49089f01b5a3821d1733eb07c61
+  metadata.gz: 2709740a324a2a43861b70704a20c07ad3302390e40ad2cb2b19aa4574e1718c
+  data.tar.gz: 9a4e4d4e59ae52a67b02f098c4610137182e5ff2cb4106a5d710c5b9e5d0de44
 SHA512:
-  metadata.gz: cd6f94e4b093ecab453e6e7f2056bfb7b52fbf2cfec51a26eceb2761b98c78bfd0fe273f083b1ec7db69f553ac7b8fb594e4d7c31ea8468e02337611b0bd4541
-  data.tar.gz: 4b5d924834a9168458ad50afcf6b27df5ba9ab50632b4b81db1e226235c7ebe80540e05fdc4aa6a6a608a6365e83f937304e0289a9d8e5689480f3021f6dd07e
+  metadata.gz: 00004e2a2b38ebdf190ec39bdf6abc27607ac227d705b4e5f7943737a3119ad13102ddf3884bfb697b3f7bca9ec29b45db2a0554811fd41f8e67a9bd96463244
+  data.tar.gz: 677c779a105a0a8c478923e784500c0b9ec1710d9d332a87e4967a372987c3abb86a054254b0ec4ed2e7b4ad11527fa4c3fcc9fb233df92108f8700d3bb21d93

checksums.yaml.gz.sig CHANGED Viewed

@@ -1 +1,3 @@
-2�Q�k��� :�x_��'{Ѷ?����Y������;�}���5
+���R���MKK+k06���x����<���P�0��ĕ���q/�k��7�+��HJÈ��b�
+�f��
+C�AW���9bX��}���{*�!�Rҁ�1zf��`Y>���T:s�%�?2�&Or(�y�B�c��>��T�J�G�Vam�Y2�-��_�H�ч�U*f�{��܋���a�^���;�O�,¬�6�@�ҏv`GFm��X�x��w���~zao	{�|�y���~�>d�`�}��=>(yS��y����X���j

data/.github/workflows/verify.yml CHANGED Viewed

@@ -1,5 +1,21 @@
 name: Verify
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  actions: none
+  checks: none
+  contents: none
+  deployments: none
+  id-token: none
+  issues: none
+  discussions: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
 on:
   push:
     branches:
@@ -10,7 +26,7 @@ on:
 jobs:
   test:
-    runs-on: ubuntu-18.04
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 40
     strategy:
@@ -19,15 +35,22 @@ jobs:
         ruby:
           - 2.6
           - 2.7
-          - 3.0.3
-          - 3.1.1
+          - 3.0
+          - 3.1
+        os:
+          - ubuntu-18.04
+          - ubuntu-22.04
+        exclude:
+          - { os: ubuntu-22.04, ruby: 2.6 }
+          - { os: ubuntu-22.04, ruby: 2.7 }
+          - { os: ubuntu-22.04, ruby: 3.0 }
         test_cmd:
           - bundle exec rspec
     env:
       RAILS_ENV: test
-    name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v2

data/README.md CHANGED Viewed

@@ -1,7 +1,6 @@
 # RubySMB
 [![Code Climate](https://codeclimate.com/github/rapid7/ruby_smb.png)](https://codeclimate.com/github/rapid7/ruby_smb)
-[![Coverage Status](https://coveralls.io/repos/github/rapid7/ruby_smb/badge.svg?branch=master)](https://coveralls.io/github/rapid7/ruby_smb?branch=master)
 This is a native Ruby implementation of the SMB Protocol Family. It currently supports:

data/lib/ruby_smb/client/authentication.rb CHANGED Viewed

@@ -80,7 +80,7 @@ module RubySMB
         type2_b64_message = smb1_type2_message(challenge_packet)
         type3_message = @ntlm_client.init_context(type2_b64_message)
-        @session_key = @ntlm_client.session_key
+        @application_key = @session_key = @ntlm_client.session_key
         challenge_message = @ntlm_client.session.challenge_message
         store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
         @os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
@@ -210,7 +210,7 @@ module RubySMB
         type2_b64_message = smb2_type2_message(challenge_packet)
         type3_message = @ntlm_client.init_context(type2_b64_message)
-        @session_key = @ntlm_client.session_key
+        @application_key = @session_key = @ntlm_client.session_key
         challenge_message = ntlm_client.session.challenge_message
         store_target_info(challenge_message.target_info) if challenge_message.has_flag?(:TARGET_INFO)
         @os_version = extract_os_version(challenge_message.os_version.to_s) unless challenge_message.os_version.empty?
@@ -227,6 +227,21 @@ module RubySMB
             # disable encryption when necessary
             @session_encrypt_data = false
           end
+          # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/7fd079ca-17e6-4f02-8449-46b606ea289c
+          if @dialect == '0x0300' || @dialect == '0x0302'
+            @application_key = RubySMB::Crypto::KDF.counter_mode(
+              @session_key,
+              "SMB2APP\x00",
+              "SmbRpc\x00"
+            )
+          else
+            @application_key = RubySMB::Crypto::KDF.counter_mode(
+              @session_key,
+              "SMBAppKey\x00",
+              @preauth_integrity_hash_value
+            )
+          end
           # otherwise, leave encryption to the default value that it was initialized to
         end
         ######

data/lib/ruby_smb/client.rb CHANGED Viewed

@@ -54,6 +54,13 @@ module RubySMB
     # The default maximum size of a SMB message that the Server accepts (in bytes)
     SERVER_MAX_BUFFER_SIZE = 4356
+    # The application key. After authenticating to the remote server, this value is the session key for dialects less
+    # than version 3 and a unique value for v3 dialects. See:
+    # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/901ae284-31d3-4ea1-ae8a-766fc8bfe00e
+    # @!attribute [rw] application_key
+    #   @return [String]
+    attr_accessor :application_key
     # The dispatcher responsible for sending packets
     # @!attribute [rw] dispatcher
     #   @return [RubySMB::Dispatcher::Socket]
@@ -288,7 +295,7 @@ module RubySMB
     attr_accessor :negotiated_smb_version
     # Whether or not the server supports multi-credit operations. It is
-    # reported by the LARGE_MTU capabiliy as part of the negotiation process
+    # reported by the LARGE_MTU capability as part of the negotiation process
     # (SMB 2.x and 3.x).
     # @!attribute [rw] server_supports_multi_credit
     #   @return [Boolean] true if the server supports multi-credit operations,
@@ -319,6 +326,7 @@ module RubySMB
       @sequence_counter  = 0
       @session_id        = 0x00
       @session_key       = ''
+      @application_key   = ''
       @session_is_guest  = false
       @signing_required  = false
       @smb1              = smb1
@@ -623,6 +631,7 @@ module RubySMB
     def wipe_state!
       self.session_id       = 0x00
       self.user_id          = 0x00
+      self.application_key  = ''
       self.session_key      = ''
       self.session_is_guest = false
       self.sequence_counter = 0

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+      # [3.1.4.4.1 NetrDfsAddStdRoot (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/b18ef17a-7a9c-4e22-b1bf-6a4d07e87b2d)
+      class NetrDfsAddStdRootRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_conf_var_wide_stringz :server_name
+        ndr_conf_var_wide_stringz :root_share
+        ndr_conf_var_wide_stringz :comment
+        ndr_uint32                :api_flags
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_ADD_STD_ROOT
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+      # [3.1.4.4.1 NetrDfsAddStdRoot (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/b18ef17a-7a9c-4e22-b1bf-6a4d07e87b2d)
+      class NetrDfsAddStdRootResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_uint32 :error_status
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_ADD_STD_ROOT
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+      # [3.1.4.4.2 NetrDfsRemoveStdRoot (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/e9da023d-554a-49bc-837a-69f22d59fd18)
+      class NetrDfsRemoveStdRootRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_conf_var_wide_stringz :server_name
+        ndr_conf_var_wide_stringz :root_share
+        ndr_uint32                :api_flags
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_REMOVE_STD_ROOT
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+      # [3.1.4.4.2 NetrDfsRemoveStdRoot (Opnum 13)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/e9da023d-554a-49bc-837a-69f22d59fd18)
+      class NetrDfsRemoveStdRootResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_uint32 :error_status
+        def initialize_instance
+          super
+          @opnum = NETR_DFS_REMOVE_STD_ROOT
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/dfsnm.rb ADDED Viewed

@@ -0,0 +1,84 @@
+module RubySMB
+  module Dcerpc
+    module Dfsnm
+      UUID = '4fc742e0-4a10-11cf-8273-00aa004ae673'
+      VER_MAJOR = 3
+      VER_MINOR = 0
+      # Operation numbers
+      NETR_DFS_ADD_STD_ROOT    = 0x000c
+      NETR_DFS_REMOVE_STD_ROOT = 0x000d
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_request'
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_add_std_root_response'
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_request'
+      require 'ruby_smb/dcerpc/dfsnm/netr_dfs_remove_std_root_response'
+      # Create a new stand-alone DFS namespace.
+      #
+      # @param server_name [String] The host name of the DFS root target.
+      # @param root_share [String] The DFS root target share name.
+      # @param comment [String] A comment associated with the DFS namespace.
+      # @return nothing is returned on success
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
+      #   NetrDfsAddStdRootResponse packet
+      # @raise [RubySMB::Dcerpc::Error::DfsnmError] if the response error status
+      #   is not ERROR_SUCCESS
+      def netr_dfs_add_std_root(server_name, root_share, comment: '')
+        netr_dfs_add_std_root_request = NetrDfsAddStdRootRequest.new(
+          server_name: server_name,
+          root_share: root_share,
+          comment: comment
+        )
+        response = dcerpc_request(netr_dfs_add_std_root_request)
+        begin
+          netr_dfs_add_std_root_response = NetrDfsAddStdRootResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading NetrDfsAddStdRootResponse'
+        end
+        unless netr_dfs_add_std_root_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          status_code = WindowsError::Win32.find_by_retval(netr_dfs_add_std_root_response.error_status.value).first
+          raise RubySMB::Dcerpc::Error::DfsnmError.new(
+            "Error returned with netr_dfs_add_std_root: #{status_code}",
+            status_code: status_code
+          )
+        end
+        nil
+      end
+      # Delete the specified stand-alone DFS namespace.
+      #
+      # @param server_name [String] The host name of the DFS root target.
+      # @param root_share [String] The DFS root target share name.
+      # @return nothing is returned on success
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
+      #   NetrDfsRemoveStdRootResponse packet
+      # @raise [RubySMB::Dcerpc::Error::DfsnmError] if the response error status
+      #   is not ERROR_SUCCESS
+      def netr_dfs_remove_std_root(server_name, root_share)
+        netr_dfs_remove_std_root_request = NetrDfsRemoveStdRootRequest.new(
+          server_name: server_name,
+          root_share: root_share
+        )
+        response = dcerpc_request(netr_dfs_remove_std_root_request)
+        begin
+          netr_dfs_remove_std_root_response = NetrDfsRemoveStdRootResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading NetrDfsRemoveStdRootResponse'
+        end
+        unless netr_dfs_remove_std_root_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          status_code = WindowsError::Win32.find_by_retval(netr_dfs_remove_std_root_response.error_status.value).first
+          raise RubySMB::Dcerpc::Error::DfsnmError.new(
+            "Error returned with netr_dfs_remove_std_root: #{status_code}",
+            status_code: status_code
+          )
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/error.rb CHANGED Viewed

@@ -13,6 +13,19 @@ module RubySMB
       # Raised when an invalid packet is received
       class InvalidPacket < DcerpcError; end
+      # Raised when a fault response is received
+      class FaultError < InvalidPacket
+        attr_reader :status_code
+        def initialize(message=nil, status:)
+          @status_code = status
+          super(message)
+        end
+        def status_name
+          RubySMB::Dcerpc::Fault::Status.name(@status_code)
+        end
+      end
       # Raised when an error is returned during a Winreg operation
       class WinregError < DcerpcError; end
@@ -33,6 +46,17 @@ module RubySMB
       # Raised when an error is returned during a Epm operation
       class EpmError < DcerpcError; end
+      # Raised when an error is returned during a Dfsnm operation
+      class DfsnmError < DcerpcError
+        include RubySMB::Error::UnexpectedStatusCode::Mixin
+        def initialize(msg, status_code: nil)
+          self.status_code = status_code unless status_code.nil?
+          super(msg)
+        end
+      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/fault.rb ADDED Viewed

@@ -0,0 +1,83 @@
+module RubySMB::Dcerpc::Fault
+  module Status
+    # DCERPC
+    NCA_S_FAULT_OTHER              = 0x00000001
+    NCA_S_FAULT_ACCESS_DENIED      = 0x00000005
+    NCA_S_FAULT_NDR                = 0x000006F7
+    NCA_S_FAULT_CANT_PERFORM       = 0x000006D8
+    NCA_S_FAULT_INT_DIV_BY_ZERO    = 0x1C000001
+    NCA_S_FAULT_ADDR_ERROR         = 0x1C000002
+    NCA_S_FAULT_FP_DIV_ZERO        = 0x1C000003
+    NCA_S_FAULT_FP_UNDERFLOW       = 0x1C000004
+    NCA_S_FAULT_FP_OVERFLOW        = 0x1C000005
+    NCA_S_FAULT_INVALID_TAG        = 0x1C000006
+    NCA_S_FAULT_INVALID_BOUND      = 0x1C000007
+    NCA_RPC_VERSION_MISMATCH       = 0x1C000008
+    NCA_UNSPEC_REJECT              = 0x1C000009
+    NCA_S_BAD_ACTID                = 0x1C00000A
+    NCA_WHO_ARE_YOU_FAILED         = 0x1C00000B
+    NCA_MANAGER_NOT_ENTERED        = 0x1C00000C
+    NCA_S_FAULT_CANCEL             = 0x1C00000D
+    NCA_S_FAULT_ILL_INST           = 0x1C00000E
+    NCA_S_FAULT_FP_ERROR           = 0x1C00000F
+    NCA_S_FAULT_INT_OVERFLOW       = 0x1C000010
+    NCA_S_FAULT_PIPE_EMPTY         = 0x1C000014
+    NCA_S_FAULT_PIPE_CLOSED        = 0x1C000015
+    NCA_S_FAULT_PIPE_ORDER         = 0x1C000016
+    NCA_S_FAULT_PIPE_DISCIPLINE    = 0x1C000017
+    NCA_S_FAULT_PIPE_COMM_ERROR    = 0x1C000018
+    NCA_S_FAULT_PIPE_MEMORY        = 0x1C000019
+    NCA_S_FAULT_CONTEXT_MISMATCH   = 0x1C00001A
+    NCA_S_FAULT_REMOTE_NO_MEMORY   = 0x1C00001B
+    NCA_INVALID_PRES_CONTEXT_ID    = 0x1C00001C
+    NCA_UNSUPPORTED_AUTHN_LEVEL    = 0x1C00001D
+    NCA_INVALID_CHECKSUM           = 0x1C00001F
+    NCA_INVALID_CRC                = 0x1C000020
+    NCS_S_FAULT_USER_DEFINED       = 0x1C000021
+    NCA_S_FAULT_TX_OPEN_FAILED     = 0x1C000022
+    NCA_S_FAULT_CODESET_CONV_ERROR = 0x1C000023
+    NCA_S_FAULT_OBJECT_NOT_FOUND   = 0x1C000024
+    NCA_S_FAULT_NO_CLIENT_STUB     = 0x1C000025
+    NCA_OP_RNG_ERROR               = 0x1C010002
+    NCA_UNK_IF                     = 0x1C010003
+    NCA_WRONG_BOOT_TIME            = 0x1C010006
+    NCA_S_YOU_CRASHED              = 0x1C010009
+    NCA_PROTO_ERROR                = 0x1C01000B
+    NCA_OUT_ARGS_TOO_BIG           = 0x1C010013
+    NCA_SERVER_TOO_BUSY            = 0x1C010014
+    NCA_UNSUPPORTED_TYPE           = 0x1C010017
+    # Microsoft specific codes
+    E_NOTIMPL                      = 0x80004001
+    E_POINTER                      = 0x80004003
+    E_AOBRT                        = 0x80004004
+    E_UNEXPECTED                   = 0x8000FFFF
+    RPC_E_SERVERFAULT              = 0x80010105
+    RPC_E_DISCONNECTED             = 0x80010108
+    RPC_E_INVALID_IPID             = 0x80010113
+    RPC_E_TIMEOUT                  = 0x8001011F
+    DISP_E_MEMBERNOTFOUND          = 0x80020003
+    DISP_E_UNKNOWNNAME             = 0x80020006
+    DISP_E_BADPARAMCOUNT           = 0x8002000E
+    CBA_E_MALFORMED                = 0x8004CB00
+    CBA_E_UNKNOWNOBJECT            = 0x8004CB01
+    CBA_E_INVALIDID                = 0x8004CB05
+    CBA_E_INVALIDCOOKIE            = 0x8004CB09
+    CBA_E_QOSTYPEUNSUPPORTED       = 0x8004CB0B
+    CBA_E_QOSVALUEUNSUPPORTED      = 0x8004CB0C
+    CBA_E_NOTAPPLICABLE            = 0x8004CB0F
+    CBA_E_LIMITVIOLATION           = 0x8004CB12
+    CBA_E_QOSTYPENOTAPPLICABLE     = 0x8004CB13
+    CBA_E_OUTOFPARTNERACCOS        = 0x8004CB18
+    CBA_E_FLAGUNSUPPORTED          = 0x8004CB1C
+    CBA_E_FRAMECOUNTUNSUPPORTED    = 0x8004CB23
+    CBA_E_MODECHANGE               = 0x8004CB25
+    E_OUTOFMEMORY                  = 0x8007000E
+    E_INVALIDARG                   = 0x80070057
+    RPC_S_PROCNUM_OUT_OF_RANGE     = 0x800706D1
+    OR_INVALID_OXID                = 0x80070776
+    def self.name(value)
+      constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/ndr.rb CHANGED Viewed

@@ -312,29 +312,31 @@ module RubySMB::Dcerpc::Ndr
     def initialize_instance
       @read_until_index = 0
       @max_count = 0
+      @max_count_set = false
       super
     end
     def insert(index, *objs)
       obj = super
-      @max_count = length
+      @max_count = length unless @max_count_set
       obj
     end
     def slice_index(index)
       obj = super
-      @max_count = length
+      @max_count = length unless @max_count_set
       obj
     end
     def []=(index, value)
       obj = super
-      @max_count = length
+      @max_count = length unless @max_count_set
       obj
     end
     def set_max_count(val)
       @max_count = @read_until_index = val
+      @max_count_set = true
     end
   end
@@ -650,7 +652,7 @@ module RubySMB::Dcerpc::Ndr
     include ConstructedTypePlugin
     def should_process_max_count?
-      # According to the NDR defintion for Structures Containing a Conformant
+      # According to the NDR definition for Structures Containing a Conformant
       # Array:
       #
       # "In the NDR representation of a structure that contains a
@@ -761,13 +763,13 @@ module RubySMB::Dcerpc::Ndr
         return (4 - (rel_offset % 4)) % 4
       end
       if obj.is_a?(ConfPlugin)
-        # `max_count` should have been handled at the begining of the structure
+        # `max_count` should have been handled at the beginning of the structure
         # already. We need to fix `rel_offset` since it includes the
         # `max_count` 4 bytes, plus the possible padding bytes needed to align
         # the structure. This is required because BinData Struct is not
-        # aware of `max_count` and considere the first field to be the begining
+        # aware of `max_count` and consider the first field to be the beginning
         # of the structure instead. We have to make sure the alignment is
-        # calculated from the begining of the structure.
+        # calculated from the beginning of the structure.
         align = eval_parameter(:byte_align)
         pad_length = (align - (4 % align)) % align
         rel_offset += (4 + pad_length)
@@ -776,7 +778,7 @@ module RubySMB::Dcerpc::Ndr
         # (not Varying). The size information (max_count) has been place in
         # from of the structure and no other size information is present before
         # the actual elements of the array. Therefore, the alignment must be
-        # done accroding to th rules of the elements. Since a NdrArray has its
+        # done according to the rules of the elements. Since a NdrArray has its
         # default :byte_align value set to 4 (:max_count size), we have to make
         # sure the element size is used instead.
         unless obj.is_a?(VarPlugin)
@@ -838,6 +840,10 @@ module RubySMB::Dcerpc::Ndr
     end
   end
+  #
+  # [Unions](https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_08)
+  #
   # TODO: Unions
   # TODO: Pipes
@@ -1207,6 +1213,11 @@ module RubySMB::Dcerpc::Ndr
     extend PointerClassPlugin
   end
+  class NdrUint16ArrayPtr < NdrConfVarArray
+    default_parameters type: :ndr_uint16
+    extend PointerClassPlugin
+  end
   class NdrFileTimePtr < NdrFileTime
     extend PointerClassPlugin
   end

data/lib/ruby_smb/dcerpc/request.rb CHANGED Viewed

@@ -60,16 +60,21 @@ module RubySMB
           string                          :default
         end
         choice 'Samr', selection: -> { opnum } do
-          samr_connect_request                     Samr::SAMR_CONNECT
-          samr_lookup_domain_in_sam_server_request Samr::SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
-          samr_open_domain_request                 Samr::SAMR_OPEN_DOMAIN
-          samr_enumerate_users_in_domain_request   Samr::SAMR_ENUMERATE_USERS_IN_DOMAIN
-          samr_rid_to_sid_request                  Samr::SAMR_RID_TO_SID
-          samr_close_handle_request                Samr::SAMR_CLOSE_HANDLE
-          samr_get_alias_membership_request        Samr::SAMR_GET_ALIAS_MEMBERSHIP
-          samr_open_user_request                   Samr::SAMR_OPEN_USER
-          samr_get_groups_for_user_request         Samr::SAMR_GET_GROUPS_FOR_USER
-          string                                   :default
+          samr_connect_request                         Samr::SAMR_CONNECT
+          samr_lookup_domain_in_sam_server_request     Samr::SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER
+          samr_open_domain_request                     Samr::SAMR_OPEN_DOMAIN
+          samr_enumerate_users_in_domain_request       Samr::SAMR_ENUMERATE_USERS_IN_DOMAIN
+          samr_rid_to_sid_request                      Samr::SAMR_RID_TO_SID
+          samr_close_handle_request                    Samr::SAMR_CLOSE_HANDLE
+          samr_get_alias_membership_request            Samr::SAMR_GET_ALIAS_MEMBERSHIP
+          samr_open_user_request                       Samr::SAMR_OPEN_USER
+          samr_get_groups_for_user_request             Samr::SAMR_GET_GROUPS_FOR_USER
+          samr_enumerate_domains_in_sam_server_request Samr::SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER
+          samr_lookup_names_in_domain_request          Samr::SAMR_LOOKUP_NAMES_IN_DOMAIN
+          samr_create_user2_in_domain_request          Samr::SAMR_CREATE_USER2_IN_DOMAIN
+          samr_set_information_user2_request           Samr::SAMR_SET_INFORMATION_USER2
+          samr_delete_user_request                     Samr::SAMR_DELETE_USER
+          string                                       :default
         end
         choice 'Wkssvc', selection: -> { opnum } do
           netr_wksta_get_info_request Wkssvc::NETR_WKSTA_GET_INFO
@@ -85,7 +90,12 @@ module RubySMB
           drs_domain_controller_info_request Drsr::DRS_DOMAIN_CONTROLLER_INFO
           drs_crack_names_request            Drsr::DRS_CRACK_NAMES
           drs_get_nc_changes_request         Drsr::DRS_GET_NC_CHANGES
-          string                      :default
+          string                             :default
+        end
+        choice 'Dfsnm', selection: -> { opnum } do
+          netr_dfs_add_std_root_request    Dfsnm::NETR_DFS_ADD_STD_ROOT
+          netr_dfs_remove_std_root_request Dfsnm::NETR_DFS_REMOVE_STD_ROOT
+          string                           :default
         end
         string :default
       end

data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb CHANGED Viewed

@@ -109,6 +109,11 @@ module RubySMB
       end
     end
+    class RpcUnicodeStringConfVarArray < Ndr::NdrConfVarArray
+      extend Ndr::ArrayClassPlugin
+      default_parameters type: :rpc_unicode_string
+    end
     # A pointer to a RPC_UNICODE_STRING structure
     class PrpcUnicodeString < RpcUnicodeString
       extend Ndr::PointerClassPlugin

data/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_request.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+      # [3.1.5.4.4 SamrCreateUser2InDomain (Opnum 50)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a98d7fbb-1735-4fbf-b41a-ef363c899002)
+      class SamrCreateUser2InDomainRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        sampr_handle         :domain_handle
+        rpc_unicode_string   :name
+        ndr_uint32           :account_type
+        ndr_uint32           :desired_access
+        def initialize_instance
+          super
+          @opnum = SAMR_CREATE_USER2_IN_DOMAIN
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/samr/samr_create_user2_in_domain_response.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Samr
+      # [3.1.5.4.4 SamrCreateUser2InDomain (Opnum 50)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a98d7fbb-1735-4fbf-b41a-ef363c899002)
+      class SamrCreateUser2InDomainResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        sampr_handle         :user_handle
+        ndr_uint32           :granted_access
+        ndr_uint32           :relative_id
+        ndr_uint32           :error_status
+        def initialize_instance
+          super
+          @opnum = SAMR_CREATE_USER2_IN_DOMAIN
+        end
+      end
+    end
+  end
+end